SVCHOST.EXE infected with malware

Hello

It seems to be a very common problem lately. However, I can’t find any other option than coming here to request some help. For a week or two I have been infected by URLs such as anythicago & more.
Would you help me get through this?
Thank you very much in advance!!

FRST + Addition attached

Monitoring…

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Right-click on the Zoek icon and select Run as Administrator to start the tool.
[*]Wait patiently until the main console appears; it may take a minute or two.
[*]In the main box please paste in the following script:

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b

[*]Make sure that Scan All Users option is checked.
[*]Push Run Script and wait patiently. The scan may take a couple of minutes.
[*]When the scan completes, a zoek-results logfile should open in notepad.
[*]If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

I still have some coming back when I reboot!

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

[*]Right-click on the FRST icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]Make sure that Addition option is checked.
[*]Press Scan button and wait.
[*]The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

done !

You cannot have two antivirus products on the same PC. Either uninstall McAfee or Avast.

McAfee is now uninstalled

Hi jonasthing :slight_smile:

After uninstalling McAfee, did you also run the McAfee Consumer Product Removal (MCPR) tool to get rid of all leftovers?
For instructions see http://service.mcafee.com/FAQDocument.aspx?lc=1033&id=TS101331 and scroll down to step 2.

Greetz, Red.

Thank you Rednose,
However, I still get malware attacking me this morning. Is there anything else I can do? :slight_smile:

Can you make a picture of this warning?

So, this is a little preview of what my PC suffers now. Is it what you mean ?

URL : http://simplesitescan.net/4141/CutterSystem_142669222922984.dll
Infection : URL:Mal
Processus : C:\Windows\System32\svchost.exe

URL : http://simplesitescan.net/4141/PragmaEngine_142669353208041.dll
Infection : URL:Mal
Processus : C:\Windows\System32\svchost.exe

URL : http://opticguardzip.net/4141/SystemVisual_142669159145377.dll
Infection : URL:Mal
Processus : C:\Windows\System32\svchost.exe

URL : http://opticguardzip.net/4141/CutterSystem_142669222929184.dll
Infection : URL:Mal
Processus : C:\Windows\System32\svchost.exe

you can add also alwaysisobar and anythicago…

Thank you very much TwinHeadedEagle

EDIT: It appears mostly when I restart my PC from standby mode, but less when I reboot

Fix with ZOEK

[B]This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.[/B]

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Right-click on the Zoek icon and select Run as Administrator to start the tool.
[*]Wait patiently until the main console appears; it may take a minute or two.
[*]In the main box please paste in the following script:

createsrpoint;
chrdefaults;
ffdefaults;
bitsadmin /reset /allusers;b

[*]Make sure that Scan All Users option is checked.
[*]Push Run Script and wait patiently. The scan may take a couple of minutes.
[*]When the scan completes, a zoek-results logfile should open in notepad.
[*]If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.
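
The fix script above ends with `bitsadmin /reset /allusers`, which cancels every queued BITS job. The following is an added example, not part of the original post or of Zoek: it records the queued jobs before such a reset so the source URLs are kept as evidence. It assumes the recurring svchost.exe downloads come from BITS jobs, which the thread does not state; the expected-host pattern and the output file name are placeholders.

```powershell
# Added example (not from the thread): record BITS jobs for all users before they are reset.
# Run from an elevated prompt; -AllUsers needs administrator rights.
Import-Module BitsTransfer

# Assumption: hosts this machine is expected to use for BITS downloads. Adjust locally.
$ExpectedHosts = '(^|\.)(microsoft\.com|windowsupdate\.com)$'

function Get-BitsJobReport {
    param([Parameter(Mandatory)][object[]]$Jobs, [string]$ExpectedHostPattern)
    foreach ($job in $Jobs) {
        foreach ($file in $job.FileList) {
            # Parse the source of each file; a value that is not an absolute URI yields an empty host.
            $uri = $null
            $parsed = [System.Uri]::TryCreate([string]$file.RemoteName, [System.UriKind]::Absolute, [ref]$uri)
            $remoteHost = if ($parsed) { $uri.Host } else { '' }
            [pscustomobject]@{
                JobId      = $job.JobId
                Name       = $job.DisplayName
                Owner      = $job.OwnerAccount
                State      = $job.JobState
                Created    = $job.CreationTime
                RemoteName = $file.RemoteName
                LocalName  = $file.LocalName
                # Flag anything whose source host is not on the expected list.
                Unexpected = -not ($remoteHost -match $ExpectedHostPattern)
            }
        }
    }
}

$jobs = @(Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue)
if ($jobs.Count -eq 0) {
    Write-Output 'No BITS jobs are queued.'
} else {
    $report = @(Get-BitsJobReport -Jobs $jobs -ExpectedHostPattern $ExpectedHosts)
    # Keep a copy as evidence; the reset discards the job list.
    $report | Export-Csv -Path "$env:USERPROFILE\Desktop\bits-jobs.csv" -NoTypeInformation
    $report | Where-Object Unexpected | Format-List
}
```

Rows with `Unexpected` set to `True` are the ones to compare against the URLs in the antivirus alerts.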

there it is !

it sounds better tonight, I will give a confirmation tomorrow !

Thank you very much anyway !

EDIT : THANK YOU :smiley:

Everything okay now?